Svoboda Cybersecurity Brief June 20, 2025


Ireland DPC Fines LinkedIn and Meta €561M for GDPR Violations

Ireland’s Data Protection Commission (DPC) issued €652M in fines in 2024, including €310M against LinkedIn for unlawful behavioural advertising and €251M against Meta for the 2018 user access token breach. The DPC handled 11,091 cases and recorded an 11% rise in breach notifications, half of them caused by misdirected correspondence.
Source: DataBreaches.net

Ryuk Ransomware Initial Access Specialist Extradited to US

A 33-year-old Ukrainian national who supplied Ryuk ransomware with initial access to victim networks has been extradited to the US. He facilitated attacks in France, Norway, Germany and the US before Ryuk’s operators rebranded as Conti in 2020.
Source: BleepingComputer

Russian APT29-Linked Actor Abuses Gmail App Passwords to Bypass 2FA

Google attributes the campaign to UNC6293, a Russia-linked actor suspected of ties to APT29. Posing as US State Department staff, the operators spent weeks building rapport with academics and critics of Russia before walking each target through creating a Google app password and handing over the 16-character code. An app password is a per-application credential that authenticates without the second factor, so whoever holds it has mailbox access that 2FA never challenges.
Impact: Persistent, MFA-bypassing email access for espionage.
Mitigation: Enrol high-risk accounts in Google’s Advanced Protection Program, which does not permit app passwords; review and revoke existing app passwords; alert on new IMAP or SMTP client logins.
Source: The Hacker News

GodFather Android Malware Uses Virtualization to Hijack Banking Apps

A new GodFather variant installs a virtualization framework on the device and runs a copy of the victim’s real banking app inside its own sandbox, so the user sees the genuine app while the malware sits between them and it, capturing credentials and manipulating sessions in real time. Zimperium counts 500+ targeted apps worldwide, with the current campaign focused on Turkish banks; the malware hides from detection with StubActivity proxies and Xposed API hooks.
Impact: Theft of banking credentials and transaction manipulation.
Mitigation: Avoid sideloading APKs; enable Play Protect; treat any app that asks for Accessibility Service access with suspicion; review app permissions.
Source: BleepingComputer

Linux PAM and Udisks Flaws Allow Root Access

CVE-2025-6018 is a PAM configuration flaw in openSUSE Leap 15 and SUSE Linux Enterprise 15 that lets any local login, including over SSH, be treated as an “allow_active” console user. CVE-2025-6019 in libblockdev, reachable through the udisks daemon that most distributions install by default, lets an allow_active user escalate to root. Chained on SUSE, the two take an unprivileged SSH login to root; on other distributions CVE-2025-6019 still needs an active local session, and Qualys demonstrated working exploits for it on Ubuntu, Debian, Fedora and openSUSE Leap. A separate Linux PAM bug, CVE-2025-6020 in pam_namespace, allows local privilege escalation through symlink attacks and path traversal.
Impact: Full system compromise.
Mitigation: Patch PAM, libblockdev and udisks; until then, change the polkit setting for org.freedesktop.udisks2.modify-device from allow_active=yes to auth_admin.
Source: The Hacker News
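The interim polkit change above, as an added example that is not from the brief or from Qualys’ advisory. It assumes a polkit that reads JavaScript rules from /etc/polkit-1/rules.d/ (polkit 0.106 and later; Ubuntu 22.04 still ships 0.105, which uses .pkla files instead), and the rule file name is a choice made for this example:

```shell
# Added example (not from the brief or from Qualys): interim hardening for
# the udisks path of CVE-2025-6019. udisks2 ships a polkit policy in which
# org.freedesktop.udisks2.modify-device is "yes" for active (console)
# sessions; this override makes it require admin authentication instead.
# Assumes polkit >= 0.106 (JavaScript rules in /etc/polkit-1/rules.d/).
# The file name below is a choice for this example.

RULE_FILE=/etc/polkit-1/rules.d/10-udisks2-modify-device.rules

# Print the override rule. polkit processes rules files in lexical order of
# their names and stops at the first rule that returns a result, so a low
# prefix keeps this ahead of vendor rules in /usr/share/polkit-1/rules.d/.
udisks_rule() {
    cat <<'EOF'
// Require admin authentication to modify block devices through udisks2
// (interim mitigation while CVE-2025-6019 patches roll out).
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.modify-device") {
        return polkit.Result.AUTH_ADMIN;
    }
});
EOF
}

# Write the rule to $1 (default: RULE_FILE). Needs root for the real path;
# polkitd normally picks up changes in rules.d without a restart.
install_udisks_rule() {
    dest=${1:-$RULE_FILE}
    udisks_rule > "$dest" && chmod 0644 "$dest"
}

# Read `pkaction --verbose --action-id org.freedesktop.udisks2.modify-device`
# output on stdin; succeed (exit 0) if the policy default for active sessions
# is still "yes". pkaction shows only the .policy defaults, not rules.d
# overrides, so use this to confirm the exposure, not to confirm the fix.
policy_default_is_yes() {
    grep -q '^ *implicit active: *yes *$'
}

# Typical use, as root:
#   pkaction --verbose --action-id org.freedesktop.udisks2.modify-device \
#       | policy_default_is_yes && install_udisks_rule
```

To verify the override took effect, try a udisks operation as an ordinary console user (for example, `udisksctl loop-setup` on a small image file) and confirm an admin authentication prompt appears; `pkaction` alone will not show it.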

Predatory Sparrow Destroys $90M in Iranian Crypto Exchange Hack

The Israel-linked group drained roughly $90M from Nobitex, Iran’s largest crypto exchange, and sent the funds to vanity addresses with no known private key, effectively burning them rather than stealing them. The attack followed the group’s claimed hit on Bank Sepah and tracks the ongoing Israel-Iran military conflict.
Source: SecurityWeek

Krispy Kreme Confirms 161K Impacted by Play Ransomware Attack

The Play ransomware gang stole employee SSNs, financial data and medical records in a November 2024 breach affecting 161K people. The data was leaked after the company refused to pay; Krispy Kreme puts remediation costs at $11M+.
Source: SecurityWeek

BlueNoroff Uses Deepfake Zoom Calls to Deploy macOS Backdoor

North Korea’s BlueNoroff lured a Web3 employee through a Calendly link into a Zoom call populated with deepfakes of known executives, then talked the victim into running a purported Zoom extension to “fix” a call problem: an AppleScript that pulled down a multi-stage toolkit including a Nim-compiled backdoor and a keylogger.
Impact: Full device compromise and data exfiltration.
Mitigation: Verify meeting participants out of band; never run scripts offered during a call; block or alert on osascript execution launched from user downloads.
Source: The Hacker News

ChainIQ Breach Exposes UBS, Pictet Employee Data

Swiss procurement services firm ChainIQ suffered a data-theft extortion attack by World Leaks, which leaked 910GB of data including employee contact details from clients such as UBS and Pictet. ChainIQ says the intrusion was contained within 8.45 hours.
Source: SecurityWeek

Microsoft Disables Clipboard/Drive Redirection in Windows 365 by Default

Newly provisioned Windows 365 Cloud PCs will block clipboard, drive, USB and printer redirection by default, closing the easiest paths for pulling data out of the session. Credential Guard and hypervisor-protected code integrity (HVCI) are now enabled by default in the Windows 11 gallery images.
Source: BleepingComputer

DuckDuckGo Expands Scam Blocker to Fake Stores and Crypto Sites

DuckDuckGo’s Scam Blocker now also blocks fake e-commerce sites, crypto scams and malvertising, using threat lists from Netcraft. The lists are refreshed every 20 minutes and matching is done on-device, so no browsing data leaves the browser.
Source: BleepingComputer

Trojanized Open-Source Hacking Tools Spread Malware

Two campaigns, Water Curse and Banana Squad, distributed malware through 76+ GitHub repositories posing as hacking and pentest tooling (Sakura RAT among them), with infostealers and remote-access payloads hidden in the projects themselves. Active since 2023, the campaigns targeted red teams and developers.
Impact: Credential theft and remote access.
Mitigation: Vet open-source tools before building them: read Visual Studio project files for pre-build events, read setup scripts for obfuscated commands, look for code hidden beyond the visible line width, and build and run in an isolated VM.
Source: SecurityWeek
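A quick sweep for the hiding spots named in the mitigation, as an added example that is not from the brief, Trend Micro or ReversingLabs. It assumes a POSIX shell with awk, find and a grep that supports -r and --include (GNU or BSD); the thresholds of 80 blank columns and 200 blob characters are choices made for this example, not figures from the reports, and the sample files in the usage are constructed:

```shell
# Added example (not from the brief or the vendor reports): sweep a cloned
# repository for three tricks seen in trojanized tooling: code pushed off the
# right edge of the editor behind a long run of whitespace, large
# base64-looking blobs, and build hooks in Visual Studio project files that
# run commands when the tool is compiled. Thresholds are example choices.

# Report lines in the given files where code follows 80+ spaces/tabs.
find_padded_lines() {
    awk '{
        line = $0
        # match() finds each whitespace run plus the non-blank char after it
        while (match(line, /[ \t]+[^ \t]/)) {
            if (RLENGTH - 1 >= 80) {
                printf "padded-line: %s:%d: code after %d blank columns\n", FILENAME, FNR, RLENGTH - 1
                break
            }
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$@"
}

# Run all three checks under a directory and print one line per finding.
sweep_repo() {
    dir=${1:-.}
    # 1. whitespace-padded lines in script and source files
    find "$dir" -type f \( -name '*.py' -o -name '*.js' -o -name '*.cs' -o -name '*.ps1' \) |
        while IFS= read -r f; do find_padded_lines "$f"; done
    # 2. long base64-looking blobs anywhere (truncated for readability)
    grep -rnE '[A-Za-z0-9+/=]{200,}' "$dir" | cut -c1-160 | sed 's/^/long-blob: /'
    # 3. build-time command hooks in MSBuild project files
    grep -rnE '<(PreBuildEvent|PostBuildEvent|Exec)[ >]' --include='*.csproj' --include='*.targets' "$dir" |
        sed 's/^/build-hook: /'
}

# Usage: sweep_repo ./suspect-tool
# Review every finding before building or running anything from the repo.
```

A clean result is not a clearance; it only removes the cheapest tricks from the list. Anything that still looks off belongs in a throwaway VM with network capture before it goes near a working machine.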

“16B Credentials Leak” is Repackaged Infostealer Logs

A 64K-record infostealer log was misreported as a new breach: the data is URL:username:password triples from past leaks, recirculated on Telegram and Pastebin. Such logs are still valuable to attackers, because the passwords in them are ones victims actually used.
Impact: Credential-stuffing and account-takeover risk for anyone whose credentials appear in the logs.
Mitigation: Use unique passwords and 2FA; check exposure on Have I Been Pwned; reset any password that appears in a stealer log and look for the infection that produced it.
Source: BleepingComputer
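Checking a stealer log against Have I Been Pwned, as an added example that is not from the brief or from BleepingComputer. It parses the URL:username:password format and queries the Pwned Passwords range API, whose k-anonymity design means only the first five hex characters of each password’s SHA-1 leave the machine. It assumes sha1sum (coreutils) and, for live lookups, curl; the sample log lines and the saved API response used in the test are constructed for the example:

```shell
# Added example (not from the brief): triage a stealer-log dump in the
# URL:username:password format against HIBP's Pwned Passwords range API.
# Assumes sha1sum and curl. Sample inputs are constructed.

# Upper-case hex SHA-1 of the password given as $1.
sha1_upper() {
    printf '%s' "$1" | sha1sum | cut -c1-40 | tr 'a-f' 'A-F'
}
hibp_prefix() { sha1_upper "$1" | cut -c1-5; }    # the only part sent to the API
hibp_suffix() { sha1_upper "$1" | cut -c6-40; }   # matched locally against the response

# Field N (1=URL, 2=username, 3=password) of a log line. The URL runs to the
# first ':' after its scheme's '://', the username to the next ':', and the
# remainder (which may itself contain ':') is the password. host:port URLs
# split wrongly; stealer logs are messy and this is a best-effort parse.
log_field() {
    printf '%s\n' "$1" | awk -v n="$2" '{
        i = index($0, "://"); base = (i ? i + 2 : 0)
        rest = substr($0, base + 1); j = index(rest, ":")
        if (j == 0) exit
        url = substr($0, 1, base + j - 1); rest = substr($0, base + j + 1)
        k = index(rest, ":")
        if (k == 0) exit
        user = substr(rest, 1, k - 1); pass = substr(rest, k + 1)
        if (n == 1) print url; else if (n == 2) print user; else print pass
    }'
}

# Fetch the range response for a 5-char prefix. Uses the live API unless
# HIBP_RANGE_FILE names a saved response (offline use and the test).
# Add-Padding asks the API to pad the response so its size reveals nothing;
# padding entries carry a count of 0 and are ignored by hibp_count's caller.
range_lookup() {
    if [ -n "${HIBP_RANGE_FILE:-}" ]; then
        cat "$HIBP_RANGE_FILE"
    else
        curl -sf -H 'Add-Padding: true' "https://api.pwnedpasswords.com/range/$1"
    fi
}

# Print the breach count for suffix $1 from a range response on stdin
# (lines are SUFFIX:COUNT with CRLF endings); 0 if the suffix is absent.
hibp_count() {
    tr -d '\r' | awk -F: -v s="$1" '$1 == s { print $2; found = 1 } END { if (!found) print 0 }'
}

# Read a log on stdin and print URL<TAB>user<TAB>count for every entry whose
# password is in Pwned Passwords. Those accounts need a reset whether or not
# the dump is "new".
triage_log() {
    while IFS= read -r line || [ -n "$line" ]; do
        pw=$(log_field "$line" 3)
        [ -n "$pw" ] || continue
        n=$(range_lookup "$(hibp_prefix "$pw")" | hibp_count "$(hibp_suffix "$pw")")
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\t%s\n' "$(log_field "$line" 1)" "$(log_field "$line" 2)" "$n"
        fi
    done
}

# Usage: triage_log < stealer-log.txt
```

A password absent from Pwned Passwords is not safe: the log itself proves it was stolen from an infected machine, so every entry warrants a reset. The HIBP check mainly tells you which ones are also exposed to generic credential stuffing.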

Freedman Healthcare Breach Misreported as Ransomware

World Leaks exfiltrated 52.4GB of employee W-2s and internal files, not patient data, from Freedman Healthcare. World Leaks is the extortion-only successor to Hunters International, which abandoned encryption in favour of pure data theft, so the incident was not a ransomware attack.
Source: DataBreaches.net

Medical Device Cyberattacks Disrupt Patient Care

A RunSafe report found that 22% of healthcare organisations had faced attacks on medical devices, 75% of which affected patient care. 46% had rejected devices over security concerns, and 79% pay a premium for more secure alternatives.
Source: DataBreaches.net
